Authentication and Authorization

Created by Carlos Veliz over 9 years ago

Question 1 of 10

Which of the following statements is not part of the types of authentication mechanisms?

Select one of the following:

  • HTTP Basic Authentication

  • Form-Based Authentication

  • Authentication 802.1x

  • Client/Server Mutual Authentication

Question 2 of 10

Which of the following statements does not correspond to the steps of basic authentication?

Select one of the following:

  • Requests a protected resource

  • Requests username and password

  • Redirect to login page

  • Returns requested resource

  • Sends username and password

Question 3 of 10

Indicate whether the following definition is true or false for form-based authentication:
"SSL can be added to part or whole of the web application"

Select one of the following:

  • True

  • False

Question 4 of 10

It is not part of the job overview of Kerberos:

Select one of the following:

  • Key Distribution Centre in Kerberos stores account information and client passwords

  • Working process is invisible to the user

  • This mechanism issues tickets containing user identity, encrypted password, encrypted data

  • Client authentication ensures that the users are legitimate or not

Question 5 of 10

It is not a way to prevent Web-based enumeration attack:

Select one of the following:

  • Lock out the targeted account after a set number of failed attempts

  • Web applications need to respond with similar error messages to all authentication failures

  • Analyze URLs and their responses during security testing of authentication failures and prevent unnecessary information leakage

  • Analyze Web page titles and their responses during authentication failures and prevent unnecessary information leakage

Question 6 of 10

Authorization is the process that controls the access rights of principals to system resources, which include:

Select one of the following:

  • Access to users

  • Access to processes

  • Access to machines

  • All of the above

  • None of the above

Question 7 of 10

Which is the fifth step in implementing authorization?

Select one of the following:

  • Defining roles to users

  • Check for user authentication for the application

  • Apply the constraints which are accessible by role

  • Define security roles of an application to roles defined in the memory realm

Question 8 of 10

It is not part of the access control model:

Select one of the following:

  • System Domain

  • AWT

  • Printer

  • Database Server

  • File I/O

Question 9 of 10

Which of the following statements is not part of the principles of least privilege?

Select one of the following:

  • User accounts should have enough privileges according to their task

  • Evaluate and implement code access permissions

  • Save sensitive files with random names and clean up temporary files

  • Enable web applications access to database through limited accounts only

  • Avoid Web application servers running under privileged accounts such as administrator, root, sysman, sa, etc.

Question 10 of 10

Which of the following is not a best practice in the management of sessions?

Select one of the following:

  • Make use of SSL

  • Do not add sensitive data in security token

  • Impose concurrent login limits

  • Regenerate session IDs upon privilege changes

  • A user has access to resources based on the role assigned